Original Research

Towards a conceptual framework for protection of personal information from the perspective of activity theory

Tiko Iyamu, Yandiswa Ngqame
South African Journal of Information Management | Vol 19, No 1 | a867 | DOI: https://doi.org/10.4102/sajim.v19i1.867 | © 2017 Tiko Iyamu, Yandiswa Ngqame | This work is licensed under CC Attribution 4.0
Submitted: 22 March 2017 | Published: 06 November 2017

About the author(s)

Tiko Iyamu, Department of Information Technology, Cape Peninsula University of Technology, South Africa
Yandiswa Ngqame, Department of Business Administration, Cape Peninsula University of Technology, South Africa

Abstract

Background: Personal information about individuals is stored by organisations including government agencies. The information is intended to be kept confidential and strictly used for its primary and legitimate purposes. However, that has not always been the case in many South African government agencies and departments. In recent years, personal information about individuals and groups has been illegally leaked for other motives, in which some were detrimental. Even though there exists a legislation, Protection of Personal Information (POPI) Act, which prohibits such malpractices, illegally leaked information has however, not stopped or reduced. In addition to the adoption of the POPI Act, a more stringent approach is therefore needed in order to improve sanity in the use and management of personal information. Otherwise, the detriment that such malpractices cause too many citizens can only be on the increase.

Objectives: The objectives of this study were in twofold: (1) to examine and understand the activities that happen with personal information leaks, which includes why and how information is leaked; and (2) to develop a conceptual framework, which includes identification of the factors that influence information leaks and breaches in an environment.

Method: Qualitative research methods were followed in achieving the objectives of the study. Within the qualitative methods, documents including existing literature were gathered. The activity theory was employed as lens to guide the analysis.

Result: From the analysis, four critical factors were found to be of influence in information leaks and breaches in organisations. The factors include: (1) information and its value, (2) the roles of society and its compliance to information protection, (3) government and its laws relating to information protection and (4) the need for standardisation of information usage and management within a community. Based on the factors, a conceptual framework was developed.

Conclusion: This study can be used to guide implementation of information protection acts in any environment. It empirically contributes to societal awareness on how and why personal information is leaked and breached. Also, it will benefit academic domain, particularly in the use of activity theory.


Keywords

Information Systems; Information Management; Information Privacy; Information Protection; Activity Theory

Metrics

Total abstract views: 7873
Total article views: 6646


Crossref Citations

No related citations found.